Welcome to the community! Read our posting tips, and learn how to earn ranks, levels and badges to get started.

Ask any devices or smart home question in the Devices/Security or Network Troubleshooting Categories.


Happy posting!

Is my wifi safe from hackers? Am i doing it right?

CourtneyCutieCourtneyCutie Member Posts: 3
Name Dropper First Comment
in Devices & Security

Need advice...

7CCB9F45-B766-4BF4-817A-2B604DB3EBDF.jpeg


KurtBojangles

Best Answer

  • CrowgrandfatherCrowgrandfather Member, Beta Tester Posts: 69
    5 Answers 25 Likes 10 Comments First Anniversary
    ✭✭✭
    Accepted Answer

    Here's my advice


    Turn off WPA. Use only WPA2. WPA is a legacy program with a lot of problems.


    Turn off TKIP only use AES. TKIP exists for old devices like Windows XP that don't support WPA2/AES. TKIP has the same vulnerabilities as WPA.


    Pretty much every device built in the last 15 years supports WPA2/AES so having WPA/TKIP enabled only makes your router easy to brute force.

    CourtneyCutie

Answers

  • KurtBojanglesKurtBojangles Member Posts: 1
    First Comment Photogenic
    WPA2-PSK with TKIP is a reasonably strong auth/encryption configuration.  Just make sure your password isn't something simple. Make it at least two unrelated words, interspersed with numbers and characters.
  • RobinRobin Administrator, Fing Team Posts: 4,081
    250 Answers 2500 Comments 500 Likes 100 Awesomes
    admin
    Hi @CourtneyCutie

    There a few things that are best practices for a secure network.  
    1.  On a large number of routers, the Admin user ID and password are the default and right on the bottom of the router.  
    2. Some Guest & primary networks share the same password.  
     
    Every home grade router has these features. You can follow the below-mentioned steps for securing the network. 

     
    1.  Change the admin password to something with 11 characters or more. 11 characters as a base make it hard for password crack utilities to break.  Having more than 16 is even better.   
     
    2. Change the Guest network password or even turn it off when not in use. 
     

    Robin (Admin at Fing)
    Getting Started? Please refer to Community guidelines & Community User Guides("Helping Hand"). HAPPY POSTING!!!
  • CourtneyCutieCourtneyCutie Member Posts: 3
    Name Dropper First Comment

    I don’t know which one to choose 🤷🏻‍♀️

    WPA2-PSK or WPA2-EAP?

    46B79449-2676-41CB-BD01-213E0B17D9E0.jpeg


    Crowgrandfather
  • CrowgrandfatherCrowgrandfather Member, Beta Tester Posts: 69
    5 Answers 25 Likes 10 Comments First Anniversary
    ✭✭✭
    https://community.fing.com/discussion/comment/17085#Comment_17085

    You want WPA2-PSK.


    WPA2-EAP is for enterprise systems using a Radius server.


    The main difference is this:


    PSK has one password. The password is the same for everyone. If you know it you can access the WiFi.


    EAP uses a backend database to authenticate user (Radius). Each user has a unique username and password for the WiFi. EAP actually has some unique features you can set up like rotating passwords so each day is a different password, passwords that only work as certain times, 2FA for WiFi, etc. But again it requires a backend database.

  • Lee_BoLee_Bo Member Posts: 273
    100 Comments 100 Likes 5 Answers 25 Agrees
    ✭✭✭✭
    I would add to make sure that auto blocking of new devices is enabled:

    I just blocked my MacBook Pro and once I did that, I couldn't even get to my Ubiquiti router.  So even if someone managed to connect to your network, they wouldn't be able to do anything.
  • CourtneyCutieCourtneyCutie Member Posts: 3
    Name Dropper First Comment
    https://community.fing.com/discussion/comment/17088#Comment_17088

    WPA2-PSK + AES???

    is this correct?

  • CrowgrandfatherCrowgrandfather Member, Beta Tester Posts: 69
    5 Answers 25 Likes 10 Comments First Anniversary
    ✭✭✭
    https://community.fing.com/discussion/comment/17105#Comment_17105

    Perfect

    CourtneyCutieCiaran
Sign In or Register to comment.